While larger budgets provide healthcare managers with unique opportunities for technology advancements, few people are paying attention to their largest data security weakness – old IT.

By Jim Kegley F

or healthcare management managers and execu- tives, it almost seems impossible. Everyone is buy- ing fancy new biometric scanners, fi sheye lenses and other security devices. They’re upgrading to the newest encryption techniques and working every day to secure information against loss – and yet, in fi rst quarter 2010, the Open Security Foundation recorded over 30 data loss incidents by healthcare groups.

The problem isn’t that people aren’t working hard enough. The problem is that the vast majority of IT capital is going to the latest and greatest internal security, even though 85 percent of security breaches occur off-network. So how do you cover the gap? Proper IT asset disposition, also known as ITAD.

Don’t just throw money at IT

Although Applied Management Systems (AMS) re- ports that healthcare IT departments are securing larger budgets overall, the fact remains that demands on the IT workforce are increasing at a similar pace. As IT advances and electronic charting becomes increasingly popular, most of the budget increases within healthcare management groups are spent on the time-consuming process of design- ing new internal standards, integrating new technology and maintaining new assets.

But replacing all your old stuff with the latest and greatest IT assets creates more chances for data exposure, as the older, unused equipment is ushered out the back door to its fi nal resting place.

So, while larger budgets provide healthcare managers with unique opportunities for technology advancements, few people are paying attention to their largest data se- curity weakness – old IT.

Before contributing to the chaos with more money for more IT assets, take a second and make sure that you are focused on closing the gap with top-notch security for your off-site ITAD. Only after securing your disposition process can you buy new IT assets with the complete confi dence that your old ones are not exposing you to danger.

18 September 2010

Avoid complacency Unfortunately, as long as no one exposes your data or reports security problems, existing problems with ITAD can lurk beneath the surface, going unnoticed for years. Often, this fools management teams into a false sense of security. Nothing could be further from the truth. As more and more assets are replaced, there are more and more opportunities for data exposure.

The reality is that most breaches occur offl ine, where the least amount of attention is paid.

And the costs associated with even a single security data breach are simply too high to risk. Consider the fol- lowing situation: • 57 hard drives were stolen from a secure BlueCross of Tennessee location.

• BlueCross had to notify 32 state attorney generals. • BlueCross has already spent over $7 million on the discovery process.

• This single event could cost over $200 million and years of work before it is over.

• BlueCross must notify thousands of customers that their information has been lost or exposed. If this seems like an extreme case, think again. Blue- Cross was not violating any standards, procedures or laws when the hard drives were stolen. Rather, the drives were sitting in storage, waiting for someone to fi nish the IT disposition process.

And, even though BlueCross lost 57 hard drives, even small amounts of lost data can quickly become costly. On average, each lost or exposed customer record costs $202.

Start working now

So how can proactive healthcare management execu- tives assure themselves that they will not end up in the same situation as BlueCross, potentially paying out hun-